From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 11 May 1996 09:50:05 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU (E. ALLEN SMITH)
Subject: Re: PGP, Inc.
In-Reply-To: <01I4IPAJCSGG8Y5AJT@mbcl.rutgers.edu>
Message-ID: <199605101639.LAA19438@homeport.org>
MIME-Version: 1.0
Content-Type: text


They claim to make an effort that the email address is unique, and
that Verisign!!'s shamrock@netcom.com will only be issued once.

Adam


E. ALLEN SMITH wrote:
| 
| 
| From:	IN%"shamrock@netcom.com"  9-MAY-1996 23:02:01.67
| 
| >At 19:37 5/9/96, E. ALLEN SMITH wrote:
| >>        I can see some fascinating legal questions with what, exactly, a
| >>VeriSign certificate obligates the company for. Digital signature laws should
| >>get interesting - any application of this to the Utah one?
| 
| >VeriSign is going to offer four levels of certs. The first requires only
| >uniqueness. For the other three levels, VeriSign will require more and
| >better assurances of the correctness of True Name stated on the cert. I
| >don't know what form these assurances are supposed to take.
| 
| 	The first level, in other words, is less of a certification than a PGP
| key with self-signature and signature from one other person. It doesn't have
| _any_ effort to verify that the email address stated on it is the actual email
| address of that nym. Or am I misinterpreting you?
| 	-Allen
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume